Lazaretto · blog

How to vet an MCP server before you connect it to your agent

2026-07-17

An MCP server is not a passive library. Once your agent connects to it, the server can be handed your files, your credentials, and the ability to call other tools on your behalf. A bad one is a direct line to your data. Here is a practical way to decide whether to trust one before you connect it.

1. Read what it actually asks for

Check the tools it exposes and the permissions or environment variables it wants. A weather server that asks for filesystem access or your shell is a mismatch. The stated purpose should match the capability it requests.

2. Look at who publishes it, and how

Prefer the server from the vendor whose API it wraps, or a well-known maintainer, over a random re-publish. Check the npm publish history and the linked repository. One publish, no repo, and a brand-new account is worth more scrutiny.

3. Pin a version and diff updates

Do not install a floating latest. Pin a specific version so an update cannot silently change behavior after you have vetted it, and diff the change when you do update.

4. Scan the code before you run it

A server's package is small, so it is worth actually looking at. What matters: does it read credential files or secrets it has no reason to touch, does it send data to a hardcoded host, does it run code fetched at runtime, does it ship an install script. You can do this by hand, or point a scanner at it.

5. Run it with the least access that works

Give it only the scope it needs. If it only needs to read, do not grant write. If it does not need the network, sandbox it.

A shortcut

Lazaretto does step 4 for you: point it at a server's package and it fetches the code without running it and returns a verdict with evidence. There are pre-scanned pages for popular servers, a free browser scan, and Lazaretto is itself a remote MCP server your agent can call to check a tool before it installs it. A clear result means nothing matched: a signal, not a warranty.


Lazaretto is the pre-install checkpoint agents call themselves. Try it · pricing.